You could try Turbo Power: LockBox. An old company which has since gone out of business. However, they did open most of there products to open source on sourceforge.net
LockBox has a sent of Encryption Components including Blowfish and MD5 data encryption. Depending on requirements they can be one or two way encryption/decryption. http://sourceforge.net/projects/tplockbox/ LockBox is a cross-platform toolkit for data encryption. It contains routines & components for use with Borland Delphi, C++Builder, & Kylix. It provides support for Blowfish, RSA, MD5, SHA-1, DES, triple- DES, Rijndael, & digital signing of messages. ----- Original Message ---- From: Rob Cameron <[EMAIL PROTECTED]> To: [email protected] Sent: Friday, January 26, 2007 6:07:47 AM Subject: Secure text in apps Good day to you all! This is a very common problem which I have partly solved in a variety of ad hoc ways over the years but would appreciate advice on. I want to store small amounts of text in an application, as securely as possible. Typical examples might be user-names and passwords, or other validation data such as license period dates, etc. The simple way is to provide an INI file or similar, use the password to encrypt itself, require the user to log in and use a successful password check as the key to open more doors. However, if a multi-user app requires access to a database - it implies the app knows the path, user and password for the DB - before asking individual users to log-in. The individual user passwords are stored in a USERS table in the DB, but how to store the user and password for the DB itself? I suppose one solution is to have an INI file on every client with a(n encrypted) list of all user details, but that is not a nice solution. And I don't want users to have to go through two stages of username/password entry to get into an app. One solution I have used is the 3rd party components IceLicence and SecureCode from IonWorx, both of which offer a "SecureStrings" property where the text is stored encrypted - like a TStrings but encrypted/decrypted on the fly. However, I am uneasy about 3rd party components. 1. I lose control over how it is implemented but my clients have to take my word that someone else's components are secure enough. 2. 3rd party, commercial solutions attract the attentions of crackers. As far as I can tell the IonWorx products are high quality but there has been debate and criticism of them on other forums, and claims that they have been cracked which make me a bit uneasy. 3 I think an important part of security is the introduction of a bit of eccentric, individualised coding for each project which makes it that little bit more effort to crack and less worth it for just one product. Other solutions I've tried, more or less successfully: - use a mathematical method to compute a password (OK as long as the exe is not reverse engineered); - use an algorithm to select single characters from other innocent text strings such as object names and thus assemble a password; Both of these give headaches if you want to change passwords regularly. Can anyone make suggestions, or point me at a web-page, tutorial etc that might help? I appreciate that I will not be able to create a perfectly uncrackable system, but just avoiding plain text saved in the exe would be a good start. Many thanks, Rob _______________________________________________ Delphi mailing list -> [email protected] http://www.elists.org/mailman/listinfo/delphi _______________________________________________ Delphi mailing list -> [email protected] http://www.elists.org/mailman/listinfo/delphi
